AWS Security ChangesHomeSearch

AWS solutions medium security documentation change

Service: solutions · 2025-11-19 · Security-related medium

File: solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md

Summary

Added S3 bucket policy example for ELB log delivery

Security assessment

The new example policy explicitly grants s3:PutObject permission to ELB log delivery service. This prevents misconfigurations that could block log delivery or require overly permissive policies, addressing potential visibility gaps. Proper logging is critical for security monitoring.

Diff

diff --git a/solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md b/solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md
index 088663d30..cf72a2f69 100644
--- a//solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md
+++ b//solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md
@@ -103,0 +104,21 @@ Below is an example policy for the bucket in Regions available before August 202
+JSON
+    
+
+****
+    
+        
+                {
+          "Version":"2012-10-17",		 	 	 
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "logdelivery.elasticloadbalancing.amazonaws.com"
+              },
+              "Action": "s3:PutObject",
+              "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/prefix/AWSLogs/123456789012/*"
+            }
+          ]
+        }
+        
+